<?php
if ( !defined( "IN_OP" ) )
{
    exit( "You can't access this file directly..." );
}
$ui = new UI();
$tpl = new Template2();
$tpl->load( array( "main" => "chgpwd.htm", "news" => "news.htm" ) );
$conf = new Config();
$news = $conf->Get( "news" );
$tpl->set( "newsmessage", $news );
$tpl->show( "news" );
echo "<br>";
if ( getvar( "oldpass" ) != "" )
{
    $rs = getdb( "select * from k_user where id=".$curruser['id']." and pass='".md5( getvar( "oldpass" ) )."'" );
    if ( $rs->eof )
    {
        diemsg( "旧密码错误！" );
    }
    $newpass = getvar( "newpass" );
    getdb( "update k_user set pass='".md5( $newpass )."' where id=".$curruser['id'] );
    getdb( "delete from k_sessions where uid=".$curruser['id'] );
    header( "refresh: 5; url=op.php?op=core&fp=logout" );
    $ui->showErrorPage( "<p>更改密码成功！</p><p>你必须用新密码登入</p>" );
    exit();
}
$tpl->set( "action", "?".$_SERVER['QUERY_STRING'] );
$tpl->show( "main" );
?>